task chain - Dell updates missing?
Im trying to run a script to disable bitlocker for one restart and then run dell updates so when bios is done we dont wind up with dozens of users stuck on a "enter your bitlocker key" screen. However, when I try to create a task chain I can add my suspend bitlocker script, but dell updates are seemingly not allowed in task chain?
Anyone come up with a way around this?
Answers (3)
If Dell updates are not included as an option within a task chain that will be because Quest thought it was a bad idea to put them in. There will be no workaround, the only advice I can offer is to raise it as an idea in uservoice.
Comments:
-
Thanks.. I was looking for some advice on how to work around it. I guess I could schedule bitlocker suspend script to run a few hrs before dell updates and hope.. HOPE that it succeeded.. and then schedule the bios updates. Sounds like Im not going to automate this. Shame.. KACE converted dell updates to work identical to windows patches on the 11.1 release.. so dont know what they thought it a bad idea.. Im guessing they just didnt get around to it to be honest. I checked and it is not available in 12.x either. Dell command has this built in.. there is an option to suspend check box.. - barchetta 2 years ago
-
Why would you need to run a Bitlocker suspend script? The Dell Updates section of KACE seems to work just fine, youll just have to either schedule accordingly after your task chains, or manually push them out after you get some of them done (which I what we do). The biggest complaint I have about the Dell Updates through KACE is needing to manually run them twice since they only install the Dell OpenManage Inventory Agent, which does suck up a lot of time since they don't all like to finish at once.. - teamOC 2 years ago
-
Because SOME Dell bios updates will require it be suspended. This is well documented. If you havent gotten bitten, you will eventually. Before dell command had this ability we would randomly get calls for the bitlocker key post bios update.
Re the openmanage inventory agent.. have you tried a deploy/detect? In my experience in general, this will cause the remaining updates to install after the 1st restart.. but that is only when there is a patch dependent on another patch. Havent specifically tried this on an initial install where openmanage is required. - barchetta 2 years ago
You can use Dell Command Update!
I have divided this into 2 scripts. Using "Scripting -> Scripts" , calling Dell Command Update command line interface.
Script 1 : Update all DELL drivers (and Dell Command Update itself), BUT NOT BIOS.
“C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe” with params “/configure -silent -autoSuspendBitLocker=enable -userConsent=disable -scheduleManual -updateType=firmware,driver,application,others,utility”
“C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe” with params “/applyUpdates -silent -reboot=disable -outputLog=C:\Dell\Dell-CU-apply-nonBIOS.log”
Script 2 : Update DELL BIOS. We use Bitlocker, but Dell Command Update has the ability to suspend Bitlocker, so no sweat.
C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe” with params “/configure -silent -autoSuspendBitLocker=enable -userConsent=disable -scheduleManual -updateType=bios”
“C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe” with params “/applyUpdates -silent -reboot=enable -outputLog=C:\Dell\Dell-CU-apply-BIOS.log”
Comments:
-
The problem we have with Dell Command.. is there is no way to force a reboot after requesting it... Dell Command just asks for the restart over and over... In your Script 2, you look to be restarting immediately with no option to delay the restart for the end user. Wont fly in our environment. That being said.. I really wish Kace would adopt "office hours" and be able to avoid restarts just like NATIVE Windows updates does.. really an oversight on their part.. I dont expect any changes because there never are. - barchetta 2 years ago
-
In my Script 2 , I have set an inital message with OK/Snooze option (60 min snooze), so the user can run or delay the execution which includes a reboot. I run this on friday morning, and the user can snooze every hour through the day if they want to.
I think you can adopt "office hours" by setting a custom registry key/value in scripts that demand reboot, instead of a reboot.
Create a script that reads that registry key/value. Important : if the particular pc doesn't require a reboot - make the script exit on "on_remediation_failure". Example : Verify if registry key says the PC needs a reboot. Set the Remediation to Always Fail.
Create another script that reboot the pc, with the options you wish to present to the users.
Create a Task chain with the 2 scripts above and check the "Abort on failure" on the first script - and schedule the task chain to your preferred out of office hours. - atle.gjonnes 2 years ago
Looks like I can't reply to that comment chain anymore, but no, we have not gotten bitten by BIOS updates triggering Bitlocker when done via KACE. We are using the default settings for Bitlocker with PCRs 0, 2, 4, and 11 for UEFI. Been couple of years now. I had just assumed something automatic was suspending Bitlocker for me, since our testing (and now lots of field use) has not given us issues.
Yes, it is for the initial install where openmanage is needed, and thus needs to be pushed twice since the only thing to show on first detect is openmanage and the rest don't populate until that is installed.
Your request to have Dell Updates in the task chain would help alleviate this of course, since you could enter it twice. I wonder if this isn't enabled to push customers to buy the K2000.